xcat-core/xCAT-server/lib/perl/xCAT/PasswordUtils.pm

package xCAT::PasswordUtils;
use xCAT::Table;
my $ipmiuser = "USERID"; # default username to apply if nothing specified
my $ipmipass = "PASSW0RD"; # default password to apply if nothing specified
my $bladeuser = "USERID"; # default username to apply if nothing specified
my $bladepass = "PASSW0RD"; # default password to apply if nothing specified
# Picks the IPMI authentication to use with or deploy to a BMC
# mandatory arguments:
# noderange: a list reference to nodes (e..g. ["node1","node2"])
# optional parameters:
# ipmihash: a prefetched hash reference of relevant ipmi table data
# mphash: a prefetched hash of relevent mp table
# RETURNS:
# A hash reference with usernames and passwords, e.g.: { 'node1' => { 'username' => 'admin', 'password' => 'reallysecure' }, 'node2' => { 'username' => 'admin', 'password' => 'reallysecure' } }  
sub getIPMIAuth {
#the algorithm intended is as follows:
#Should the target have a valid ipmi.username/ipmi.password, that is preferred above all else
#Otherwise, if it is a blade topology, then synchronize with the management module password parameters in mpa by default
#if still not defined, but it is a blade topology, then use 'blade' passwd table values
#if still not defined, use 'ipmi' table values
#if still not defined, use the defaults hardcoded into this file
	my %args = @_;
	my $noderange = $args{noderange};
	my $ipmihash = $args{ipmihash};
	my $mphash = $args{mphash};
        my $tmp;
	my %authmap;
        unless ($ipmihash) { #in the event that calling code does not pass us a prefetched set of values, pull it ourselves
		my $ipmitab = xCAT::Table->new('ipmi',-create=>0);
		if ($ipmitab) { $ipmihash = $ipmitab->getNodesAttribs($noderange,['username','password']); }
	}
        unless ($mphash) { 
		my $mptab = xCAT::Table->new('mp',-create=>0);
		if ($mptab) { $mphash = $mptab->getNodesAttribs($noderange,['mpa','id']); }
	}
	my $passtab = xCAT::Table->new('passwd');
	if ($passtab) {
		($tmp)=$passtab->getAttribs({'key'=>'ipmi'},'username','password');
		if (defined($tmp)) { 
			$ipmiuser = $tmp->{username};
			$ipmipass = $tmp->{password};
                        if ($ipmiuser or $ipmipass) {
                            unless($ipmiuser) {
                                $ipmiuser = '';
                            }
                            unless($ipmipass) {
                                $ipmipass = '';
                            }
                        }
		}
		($tmp)=$passtab->getAttribs({'key'=>'blade'},'username','password');
		if (defined($tmp)) { 
			$bladeuser = $tmp->{username};
			$bladepass = $tmp->{password};
                        if ($bladeuser or $bladepass) {
                            unless($bladeuser) {
                                $bladeuser = '';
                            }
                            unless($bladepass) {
                                $bladepass = '';
                            }
                        }
		}
	}
	my $mpatab;
        if ($mphash) { $mpatab = xCAT::Table->new('mpa',-create=>0); }
	my %mpaauth;
	foreach $node (@$noderange) {
		$authmap{$node}->{username}=$ipmiuser;
		$authmap{$node}->{password}=$ipmipass;
		if ($mphash and ref $mphash->{$node} and $mphash->{$node}->[0]->{mpa}) { #this appears to be a Flex or similar config, tend to use blade credentials
			if ($bladeuser) { $authmap{$node}->{username}=$bladeuser; $authmap{$node}->{cliusername}=$bladeuser;}
			if ($bladepass) { $authmap{$node}->{password}=$bladepass; $authmap{$node}->{clipassword}=$bladepass;}
			my $mpa = $mphash->{$node}->[0]->{mpa};
			if (not $mpaauth{$mpa} and $mpatab) { 
				my $mpaent = $mpatab->getNodeAttribs($mpa,[qw/username password/],prefetchcache=>1); #TODO: this might make more sense to do as one retrieval, oh well
                                if (ref $mpaent and ($mpaent->{username} or $mpaent->{password})) {
                                    if (!exists($mpaent->{username})) {
                                        $mpaauth{$mpa}->{username} = '';
                                    } else {
                                        $mpaauth{$mpa}->{username} = $mpaent->{username};
                                    }
                                    if (!exists($mpaent->{password})) {
                                        $mpaauth{$mpa}->{password} = '';
                                    } else {
                                        $mpaauth{$mpa}->{password} = $mpaent->{password};
                                    }
                                }
				$mpaauth{$mpa}->{checked} = 1;  #remember we already looked this up, to save lookup time even if search was fruitless
			}
			if ($mpaauth{$mpa}->{username}) {  $authmap{$node}->{username} = $mpaauth{$mpa}->{username}; $authmap{$node}->{cliusername}=$mpaauth{$mpa}->{username}; }
			if ($mpaauth{$mpa}->{password}) {  $authmap{$node}->{password} = $mpaauth{$mpa}->{password} ;  $authmap{$node}->{clipassword}=$mpaauth{$mpa}->{password} }
		} 
		unless (ref $ipmihash and ref $ipmihash->{$node}) { 
			next;
		}
                if ($ipmihash->{$node}->[0]->{username} or $ipmihash->{$node}->[0]->{password}) {
                    unless($ipmihash->{$node}->[0]->{username}) {
                        $authmap{$node}->{username} = '';
                    } else {
                        $authmap{$node}->{username}=$ipmihash->{$node}->[0]->{username};
                    }
                    unless($ipmihash->{$node}->[0]->{password}) {
                        $authmap{$node}->{password} = '';
                    } else {
                        $authmap{$node}->{password}=$ipmihash->{$node}->[0]->{password};
                    }
                }
	}
	return \%authmap;
}